/ Check-in [dc61b292]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix a potential NULL pointer deference on a corrupt database schema.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: dc61b292d8eaf422ca8a2b18f1caccef1a5389fd
User & Date: drh 2015-04-19 19:21:19
References
2015-05-20
20:24
Fix a potential NULL pointer deference on a corrupt database schema. Cherrypick of [dc61b292d8ea]. check-in: 7f3943fb user: dan tags: branch-3.8.6
Context
2015-05-20
20:24
Fix a potential NULL pointer deference on a corrupt database schema. Cherrypick of [dc61b292d8ea]. check-in: 7f3943fb user: dan tags: branch-3.8.6
2015-04-19
20:39
Fix a faulty assert in the schema parsing logic. check-in: b1ed9495 user: drh tags: trunk
19:21
Fix a potential NULL pointer deference on a corrupt database schema. check-in: dc61b292 user: drh tags: trunk
18:32
Bring comments on the INSERT code generator up-to-date. Fix the INSERT code generator so that it correctly handles inserts from a SELECT into a virtual table with non-terminal hidden columns. check-in: 4ac81fac user: drh tags: trunk
Changes
Hide Diffs Unified Diffs Ignore Whitespace Patch

Changes to src/expr.c.

1247
1248
1249
1250
1251
1252
1253

1254
1255
1256
1257
1258
1259
1260
1261
** ExprList.
*/
u32 sqlite3ExprListFlags(const ExprList *pList){
  int i;
  u32 m = 0;
  if( pList ){
    for(i=0; i<pList->nExpr; i++){

       m |= pList->a[i].pExpr->flags;
    }
  }
  return m;
}

/*
** These routines are Walker callbacks used to check expressions to







>
|







1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
** ExprList.
*/
u32 sqlite3ExprListFlags(const ExprList *pList){
  int i;
  u32 m = 0;
  if( pList ){
    for(i=0; i<pList->nExpr; i++){
       Expr *pExpr = pList->a[i].pExpr;
       if( pExpr ) m |= pList->a[i].pExpr->flags;
    }
  }
  return m;
}

/*
** These routines are Walker callbacks used to check expressions to

Changes to test/misc1.test.

639
640
641
642
643
644
645
646














647
  VALUES(0,0x0MATCH#0;
} {1 {near ";": syntax error}}

# 2015-04-15
do_execsql_test misc1-22.1 {
  SELECT ""+3 FROM (SELECT ""+5);
} {3}















finish_test








>
>
>
>
>
>
>
>
>
>
>
>
>
>

639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
  VALUES(0,0x0MATCH#0;
} {1 {near ";": syntax error}}

# 2015-04-15
do_execsql_test misc1-22.1 {
  SELECT ""+3 FROM (SELECT ""+5);
} {3}

# 2015-04-19: NULL pointer dereference on a corrupt schema
#
do_execsql_test misc1-23.1 {
  DROP TABLE IF EXISTS t1;
  DROP TABLE IF EXISTS t2;
  CREATE TABLE t1(x);
  PRAGMA writable_schema=ON;
  UPDATE sqlite_master SET sql='CREATE table t(d CHECK(T(#0)';
  BEGIN;
  CREATE TABLE t2(y);
  ROLLBACK;
  DROP TABLE IF EXISTS t3;
} {}

finish_test